
Svchost.exe infected with Trojan Agent


8 replies to this topic

#1 TPoole

  • Members

Posted 24 March 2012 - 12:15 PM

As the topic title says, a few months back my svchost.exe got infected with a trojan agent. After countless attempts with various programs to solve this issue, I gave up. However, it's starting to bog down my computer even more and I'm getting tired of it, so here I am. I appreciate any help you guys may be able to provide me with in solving this issue.

Edit: Should have read the "Before You Post About A Problem" thread first.

I am currently running Windows Vista Home Basic 64-bit SP2. I have tried using Malwarebytes; it identifies 2 infected files, both svchost.exe, one as a file and the other as a memory process. AVG identifies infected files in the hundreds, and claims to have cleaned/removed exactly half of them every time. TrojanScanner identifies svchost.exe as the only infected file. SuperAntiSpyware doesn't even identify any infected files. Both Malwarebytes and TrojanScanner claimed to have cleaned/removed the infected file every time, but upon reboot and a rescan, the issue persists.

As far as I can tell, the virus just causes programs to crash, although I'm sure it's doing more. I constantly get an error message telling me that RealPlayer has stopped working, even when it's not running in the first place. I'll randomly get error messages telling me that other programs/processes have stopped working as well.

Edit: Problem Solved.

Edited by TPoole, 25 March 2012 - 04:19 AM.




#2 boopme


  • Global Moderator

Posted 24 March 2012 - 06:16 PM

Hello and welcome, please run these next.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

>>>>>
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log
and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 TPoole

  • Topic Starter
  • Members

Posted 24 March 2012 - 11:50 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Trae (administrator) on 25-03-2012 at 00:46:38
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Teh-Uber-Sauce
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : columbus.rr.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : columbus.rr.com
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-22-15-CF-A7-C3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1866:6a3a:3fcf:a690%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, March 24, 2012 12:49:02 PM
Lease Expires . . . . . . . . . . : Sunday, March 25, 2012 12:49:59 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 167780885
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-EA-5A-E0-00-22-15-CF-A7-C3
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : columbus.rr.com
Description . . . . . . . . . . . : isatap.columbus.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:48d:34e3:3f57:fe9b(Preferred)
Link-local IPv6 Address . . . . . : fe80::48d:34e3:3f57:fe9b%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.225.72
74.125.225.73
74.125.225.78
74.125.225.64
74.125.225.65
74.125.225.66
74.125.225.67
74.125.225.68
74.125.225.69
74.125.225.70
74.125.225.71



Pinging google.com [74.125.225.69] with 32 bytes of data:

Reply from 74.125.225.69: bytes=32 time=28ms TTL=54

Reply from 74.125.225.69: bytes=32 time=27ms TTL=54



Ping statistics for 74.125.225.69:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 28ms, Average = 27ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=56ms TTL=52

Reply from 209.191.122.70: bytes=32 time=54ms TTL=52



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 54ms, Maximum = 56ms, Average = 55ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 22 15 cf a7 c3 ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.columbus.rr.com
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 276
192.168.1.100 255.255.255.255 On-link 192.168.1.100 276
192.168.1.255 255.255.255.255 On-link 192.168.1.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 18 ::/0 On-link
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:4137:9e76:48d:34e3:3f57:fe9b/128
On-link
10 276 fe80::/64 On-link
11 266 fe80::/64 On-link
11 266 fe80::48d:34e3:3f57:fe9b/128
On-link
10 276 fe80::1866:6a3a:3fcf:a690/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/24/2012 11:29:19 PM) (Source: Application Error) (User: )
Description: Faulting application RealPlay.exe, version 12.0.1.647, time stamp 0x4d921c23, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7544a57d,
process id 0x1f4c, application start time 0xRealPlay.exe0.

Error: (03/24/2012 10:32:28 PM) (Source: Application Error) (User: )
Description: Faulting application RealPlay.exe, version 12.0.1.647, time stamp 0x4d921c23, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7544a57d,
process id 0x1e7c, application start time 0xRealPlay.exe0.

Error: (03/24/2012 10:27:18 PM) (Source: Application Error) (User: )
Description: Faulting application RealPlay.exe, version 12.0.1.647, time stamp 0x4d921c23, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7544a57d,
process id 0x1e9c, application start time 0xRealPlay.exe0.

Error: (03/24/2012 10:26:09 PM) (Source: Application Error) (User: )
Description: Faulting application RealPlay.exe, version 12.0.1.647, time stamp 0x4d921c23, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7544a57d,
process id 0x1d9c, application start time 0xRealPlay.exe0.

Error: (03/24/2012 10:24:18 PM) (Source: Application Error) (User: )
Description: Faulting application RealPlay.exe, version 12.0.1.647, time stamp 0x4d921c23, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7544a57d,
process id 0x185c, application start time 0xRealPlay.exe0.

Error: (03/24/2012 09:50:18 PM) (Source: Application Error) (User: )
Description: Faulting application RealPlay.exe, version 12.0.1.647, time stamp 0x4d921c23, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7544a57d,
process id 0x1560, application start time 0xRealPlay.exe0.

Error: (03/24/2012 09:06:18 PM) (Source: Application Error) (User: )
Description: Faulting application RealPlay.exe, version 12.0.1.647, time stamp 0x4d921c23, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7544a57d,
process id 0x1810, application start time 0xRealPlay.exe0.

Error: (03/24/2012 08:25:17 PM) (Source: Application Error) (User: )
Description: Faulting application RealPlay.exe, version 12.0.1.647, time stamp 0x4d921c23, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7544a57d,
process id 0x168c, application start time 0xRealPlay.exe0.

Error: (03/24/2012 08:06:17 PM) (Source: Application Error) (User: )
Description: Faulting application RealPlay.exe, version 12.0.1.647, time stamp 0x4d921c23, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7544a57d,
process id 0x1bcc, application start time 0xRealPlay.exe0.

Error: (03/24/2012 04:52:15 PM) (Source: Application Error) (User: )
Description: Faulting application RealPlay.exe, version 12.0.1.647, time stamp 0x4d921c23, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7544a57d,
process id 0x13a4, application start time 0xRealPlay.exe0.


System errors:
=============
Error: (03/24/2012 00:50:27 PM) (Source: Service Control Manager) (User: )
Description: Beep
nvport
sptd

Error: (03/24/2012 00:48:51 PM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWow64\Drivers\nvport.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/24/2012 00:48:44 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/24/2012 00:40:34 PM) (Source: Schannel) (User: )
Description: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (03/24/2012 00:37:02 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (03/24/2012 00:36:29 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/24/2012 00:31:00 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (03/24/2012 00:22:48 PM) (Source: DCOM) (User: )
Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (03/24/2012 00:20:28 PM) (Source: Service Control Manager) (User: )
Description: nvport
SASDIFSV
SASKUTIL
spldr
sptd
Wanarpv6

Error: (03/24/2012 00:20:28 PM) (Source: Service Control Manager) (User: )
Description: Message Queuing TriggersMessage Queuing%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 1.8.2)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.63)
Apple Mobile Device Support (Version: 4.0.0.97)
ATI Catalyst Install Manager (Version: 3.0.678.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.13)
CDDRV_Installer (Version: 4.60)
iTunes (Version: 10.5.1.42)
KhalInstallWrapper (Version: 4.60.122)
LinksysEasyLinkAdvisor (Version: 3.0.8122.29)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Move Media Player
NVIDIA 3D Vision Driver 266.58 (Version: 266.58)
NVIDIA Control Panel 266.58 (Version: 266.58)
NVIDIA Graphics Driver 266.58 (Version: 266.58)
NVIDIA Install Application (Version: 2.265.36.0)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
PVSonyDll (Version: 1.00.0001)
SUPERAntiSpyware (Version: 5.0.1146)
Ventrilo Client for Windows x64 (Version: 3.0.4.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Yahoo! BrowserPlus 2.8.1

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 4094.18 MB
Available physical RAM: 2469.2 MB
Total Pagefile: 8426.89 MB
Available Pagefile: 5944.79 MB
Total Virtual: 4095.88 MB
Available Virtual: 3998.53 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:149.05 GB) (Free:16.71 GB) NTFS
4 Drive e: (HP v125w) (Removable) (Total:3.81 GB) (Free:2.91 GB) FAT32
5 Drive f: (Elements) (Fixed) (Total:111.79 GB) (Free:57.01 GB) NTFS

========================= Users: ========================================

User accounts for \\TEH-UBER-SAUCE

Administrator Guest Trae


**** End of log ****
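
An added example, not MiniToolBox's own code and not something either poster ran: a small Python script that reads a Result.txt in the layout posted above and applies the checks boopme's checklist is really after, namely hosts-file entries beyond the loopback defaults, Winsock (LSP/namespace provider) entries whose DLL has no publisher string or sits outside the usual system directories, and a count of Event Viewer errors per source. The embedded sample report is constructed: the `update.example-av.test` hosts line and the `C:\Users\Public\lsp.dll` provider are invented illustrations of entries a responder would want flagged, not findings from this thread. Section names, regexes and the `SYSTEM_DIRS` list are this example's own assumptions about the report format.

```python
import re
import sys
from collections import Counter

# Constructed sample in the layout of the Result.txt posted in this thread.
# The update.example-av.test hosts line and the C:\Users\Public\lsp.dll
# provider are invented illustrations of entries a responder would want flagged.
SAMPLE_RESULT = r"""
========================= Hosts content: =================================

127.0.0.1 localhost
0.0.0.0 update.example-av.test

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog9 13 C:\Users\Public\lsp.dll [40960] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/24/2012 11:29:19 PM) (Source: Application Error) (User: )
Description: Faulting application RealPlay.exe, exception code 0xc0000005

System errors:
=============
Error: (03/24/2012 00:48:51 PM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWow64\Drivers\nvport.sys has been blocked from loading.
"""

# A section header is a run of '=', a name (optionally ending in ':'), and another run of '='.
SECTION_RE = re.compile(r"^=+\s+(?P<name>[^=]+?)\s*:?\s*=+\s*$")
# Catalog5 07 <path> [<size>] (<publisher>)   -- publisher may be empty
WINSOCK_RE = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog\d+)\s+(?P<index>\d+)\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\]\s+\((?P<publisher>[^)]*)\)\s*$")
ERROR_RE = re.compile(r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\)")

DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Directories where Winsock providers are normally installed (lower-cased prefixes).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
               "c:\\program files\\", "c:\\program files (x86)\\")


def parse_sections(text):
    """Split the report into {section name: [lines]}; text before the first header is dropped."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def nondefault_hosts(lines):
    """Return (ip, hostname) pairs other than comments and the loopback defaults."""
    found = []
    for line in lines:
        parts = line.strip().split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        found.extend((parts[0], n) for n in parts[1:] if (parts[0], n) not in DEFAULT_HOSTS)
    return found


def classify_winsock(lines):
    """Parse Winsock catalog lines; 'review' = empty publisher or DLL outside SYSTEM_DIRS."""
    entries = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        path, publisher = m.group("path"), m.group("publisher").strip()
        if not publisher or not path.lower().startswith(SYSTEM_DIRS):
            verdict = "review"
        elif publisher == "Microsoft Corporation":
            verdict = "microsoft"
        else:
            verdict = "third-party"
        entries.append({"catalog": m.group("catalog"), "index": int(m.group("index")),
                        "path": path, "publisher": publisher, "verdict": verdict})
    return entries


def errors_by_source(lines):
    """Count 'Error: (...) (Source: X)' records per event source."""
    return Counter(m.group("source") for m in map(ERROR_RE.match, lines) if m)


def triage(text):
    """Run all three checks over one Result.txt and return a summary dict."""
    sections = parse_sections(text)
    winsock = classify_winsock(sections.get("Winsock entries", []))
    return {
        "hosts_nondefault": nondefault_hosts(sections.get("Hosts content", [])),
        "winsock_review": [e["path"] for e in winsock if e["verdict"] == "review"],
        "winsock_third_party": [e["path"] for e in winsock if e["verdict"] == "third-party"],
        "errors_by_source": dict(errors_by_source(sections.get("Event log errors", []))),
    }


if __name__ == "__main__":
    # Usage: python triage_result.py [Result.txt]; with no argument the constructed sample is used.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_RESULT
    for key, value in triage(text).items():
        print(f"{key}: {value}")
```

On the report actually posted above, this would return no hosts entries, Bonjour's `mdnsNSP.dll` (Apple Inc.) as the only third-party provider and nothing for review, and the RealPlay.exe crashes would dominate the per-source error count; a non-Microsoft provider is a lead to verify, not a verdict, which is why the script separates "third-party" from "review".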

#4 TPoole

  • Topic Starter
  • Members

Posted 25 March 2012 - 01:31 AM

00:51:15.0395 7300 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
00:51:16.0347 7300 ============================================================
00:51:16.0347 7300 Current date / time: 2012/03/25 00:51:16.0347
00:51:16.0347 7300 SystemInfo:
00:51:16.0347 7300
00:51:16.0347 7300 OS Version: 6.0.6002 ServicePack: 2.0
00:51:16.0347 7300 Product type: Workstation
00:51:16.0347 7300 ComputerName: TEH-UBER-SAUCE
00:51:16.0348 7300 UserName: Trae
00:51:16.0348 7300 Windows directory: C:\Windows
00:51:16.0348 7300 System windows directory: C:\Windows
00:51:16.0348 7300 Running under WOW64
00:51:16.0348 7300 Processor architecture: Intel x64
00:51:16.0348 7300 Number of processors: 2
00:51:16.0348 7300 Page size: 0x1000
00:51:16.0348 7300 Boot type: Normal boot
00:51:16.0348 7300 ============================================================
00:51:16.0816 7300 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:51:16.0820 7300 Drive \Device\Harddisk1\DR1 - Size: 0xF4B00000 (3.82 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:51:16.0823 7300 Drive \Device\Harddisk2\DR2 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:51:16.0863 7300 \Device\Harddisk0\DR0:
00:51:16.0863 7300 MBR used
00:51:16.0863 7300 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A187F8
00:51:16.0863 7300 \Device\Harddisk1\DR1:
00:51:16.0866 7300 MBR used
00:51:16.0866 7300 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0xAC8, BlocksNum 0x7A4D38
00:51:16.0866 7300 \Device\Harddisk2\DR2:
00:51:16.0867 7300 MBR used
00:51:16.0867 7300 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF943B0
00:51:16.0959 7300 Initialize success
00:51:16.0959 7300 ============================================================
00:51:19.0565 7516 ============================================================
00:51:19.0565 7516 Scan started
00:51:19.0565 7516 Mode: Manual;
00:51:19.0565 7516 ============================================================
00:51:19.0963 7516 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
00:51:19.0966 7516 !SASCORE - ok
00:51:20.0284 7516 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
00:51:20.0290 7516 ACPI - ok
00:51:20.0386 7516 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
00:51:20.0395 7516 adp94xx - ok
00:51:20.0469 7516 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
00:51:20.0476 7516 adpahci - ok
00:51:20.0507 7516 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
00:51:20.0510 7516 adpu160m - ok
00:51:20.0554 7516 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
00:51:20.0557 7516 adpu320 - ok
00:51:20.0597 7516 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
00:51:20.0599 7516 AeLookupSvc - ok
00:51:20.0653 7516 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
00:51:20.0660 7516 AFD - ok
00:51:20.0694 7516 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
00:51:20.0695 7516 agp440 - ok
00:51:20.0719 7516 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
00:51:20.0722 7516 aic78xx - ok
00:51:20.0772 7516 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
00:51:20.0774 7516 ALG - ok
00:51:20.0802 7516 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
00:51:20.0803 7516 aliide - ok
00:51:20.0825 7516 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
00:51:20.0827 7516 amdide - ok
00:51:20.0853 7516 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
00:51:20.0855 7516 AmdK8 - ok
00:51:21.0166 7516 AmdLLD64 (f5761675da9d15d7ae0e40907a8f4404) C:\Windows\system32\DRIVERS\AmdLLD64.sys
00:51:21.0167 7516 AmdLLD64 - ok
00:51:21.0206 7516 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
00:51:21.0207 7516 Appinfo - ok
00:51:21.0278 7516 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:51:21.0280 7516 Apple Mobile Device - ok
00:51:21.0372 7516 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
00:51:21.0375 7516 arc - ok
00:51:21.0418 7516 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
00:51:21.0420 7516 arcsas - ok
00:51:21.0445 7516 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
00:51:21.0446 7516 AsyncMac - ok
00:51:21.0486 7516 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
00:51:21.0487 7516 atapi - ok
00:51:21.0515 7516 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys
00:51:21.0516 7516 AtiPcie - ok
00:51:21.0559 7516 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
00:51:21.0568 7516 AudioEndpointBuilder - ok
00:51:21.0593 7516 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
00:51:21.0597 7516 AudioSrv - ok
00:51:21.0620 7516 Beep - ok
00:51:21.0667 7516 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
00:51:21.0677 7516 BFE - ok
00:51:21.0750 7516 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
00:51:21.0801 7516 BITS - ok
00:51:21.0834 7516 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
00:51:21.0835 7516 blbdrive - ok
00:51:21.0903 7516 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
00:51:21.0906 7516 Bonjour Service - ok
00:51:22.0005 7516 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
00:51:22.0007 7516 bowser - ok
00:51:22.0046 7516 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
00:51:22.0047 7516 BrFiltLo - ok
00:51:22.0082 7516 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
00:51:22.0083 7516 BrFiltUp - ok
00:51:40.0602 7516 TermDD - ok
00:51:40.0652 7516 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
00:51:40.0704 7516 TermService - ok
00:51:40.0749 7516 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
00:51:40.0754 7516 Themes - ok
00:51:40.0783 7516 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
00:51:40.0784 7516 THREADORDER - ok
00:51:40.0817 7516 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
00:51:40.0823 7516 TrkWks - ok
00:51:40.0879 7516 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
00:51:40.0880 7516 TrustedInstaller - ok
00:51:40.0954 7516 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:51:40.0956 7516 tssecsrv - ok
00:51:40.0994 7516 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
00:51:40.0995 7516 tunmp - ok
00:51:41.0029 7516 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
00:51:41.0034 7516 tunnel - ok
00:51:41.0078 7516 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
00:51:41.0099 7516 uagp35 - ok
00:51:41.0158 7516 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
00:51:41.0164 7516 udfs - ok
00:51:41.0216 7516 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
00:51:41.0218 7516 UI0Detect - ok
00:51:41.0292 7516 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
00:51:41.0294 7516 uliagpkx - ok
00:51:41.0365 7516 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
00:51:41.0373 7516 uliahci - ok
00:51:41.0452 7516 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
00:51:41.0456 7516 UlSata - ok
00:51:41.0497 7516 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
00:51:41.0501 7516 ulsata2 - ok
00:51:41.0578 7516 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
00:51:41.0579 7516 umbus - ok
00:51:41.0623 7516 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
00:51:41.0627 7516 upnphost - ok
00:51:41.0696 7516 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
00:51:41.0698 7516 USBAAPL64 - ok
00:51:41.0742 7516 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
00:51:41.0745 7516 usbaudio - ok
00:51:41.0786 7516 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
00:51:41.0788 7516 usbccgp - ok
00:51:41.0828 7516 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
00:51:41.0833 7516 usbcir - ok
00:51:41.0885 7516 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
00:51:41.0886 7516 usbehci - ok
00:51:41.0913 7516 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
00:51:41.0919 7516 usbhub - ok
00:51:41.0964 7516 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
00:51:41.0965 7516 usbohci - ok
00:51:42.0003 7516 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
00:51:42.0004 7516 usbprint - ok
00:51:42.0037 7516 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
00:51:42.0038 7516 usbscan - ok
00:51:42.0113 7516 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:51:42.0116 7516 USBSTOR - ok
00:51:42.0159 7516 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
00:51:42.0160 7516 usbuhci - ok
00:51:42.0203 7516 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
00:51:42.0206 7516 UxSms - ok
00:51:42.0254 7516 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
00:51:42.0264 7516 vds - ok
00:51:42.0319 7516 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
00:51:42.0320 7516 vga - ok
00:51:42.0340 7516 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
00:51:42.0342 7516 VgaSave - ok
00:51:42.0378 7516 VIAHdAudAddService (ecf1881073f9c55ccf626bc229ca30df) C:\Windows\system32\drivers\viahduaa.sys
00:51:42.0386 7516 VIAHdAudAddService - ok
00:51:42.0432 7516 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
00:51:42.0433 7516 viaide - ok
00:51:42.0470 7516 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
00:51:42.0473 7516 volmgr - ok
00:51:42.0543 7516 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
00:51:42.0548 7516 volmgrx - ok
00:51:42.0612 7516 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
00:51:42.0616 7516 volsnap - ok
00:51:42.0679 7516 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
00:51:42.0683 7516 vsmraid - ok
00:51:42.0755 7516 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
00:51:42.0804 7516 VSS - ok
00:51:42.0830 7516 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
00:51:42.0839 7516 W32Time - ok
00:51:42.0920 7516 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
00:51:42.0922 7516 WacomPen - ok
00:51:42.0959 7516 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
00:51:42.0964 7516 Wanarp - ok
00:51:42.0969 7516 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
00:51:42.0973 7516 Wanarpv6 - ok
00:51:43.0133 7516 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
00:51:43.0176 7516 wcncsvc - ok
00:51:43.0238 7516 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
00:51:43.0240 7516 WcsPlugInService - ok
00:51:43.0282 7516 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
00:51:43.0283 7516 Wd - ok
00:51:43.0337 7516 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
00:51:43.0398 7516 Wdf01000 - ok
00:51:43.0442 7516 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
00:51:43.0445 7516 WdiServiceHost - ok
00:51:43.0454 7516 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
00:51:43.0456 7516 WdiSystemHost - ok
00:51:43.0508 7516 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
00:51:43.0515 7516 WebClient - ok
00:51:43.0584 7516 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
00:51:43.0589 7516 Wecsvc - ok
00:51:43.0635 7516 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
00:51:43.0638 7516 wercplsupport - ok
00:51:43.0664 7516 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
00:51:43.0668 7516 WerSvc - ok
00:51:43.0713 7516 WinDefend - ok
00:51:43.0719 7516 WinHttpAutoProxySvc - ok
00:51:43.0824 7516 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
00:51:43.0829 7516 Winmgmt - ok
00:51:43.0928 7516 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
00:51:43.0943 7516 WinRM - ok
00:51:44.0043 7516 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
00:51:44.0055 7516 Wlansvc - ok
00:51:44.0190 7516 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:51:44.0284 7516 wlidsvc - ok
00:51:44.0366 7516 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:51:44.0366 7516 WmiAcpi - ok
00:51:44.0437 7516 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
00:51:44.0441 7516 wmiApSrv - ok
00:51:44.0483 7516 WMPNetworkSvc - ok
00:51:44.0526 7516 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
00:51:44.0532 7516 WPCSvc - ok
00:51:44.0575 7516 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
00:51:44.0579 7516 WPDBusEnum - ok
00:51:44.0785 7516 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
00:51:44.0804 7516 WpdUsb - ok
00:51:44.0951 7516 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:51:44.0957 7516 WPFFontCache_v0400 - ok
00:51:45.0019 7516 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
00:51:45.0020 7516 ws2ifsl - ok
00:51:45.0062 7516 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
00:51:45.0066 7516 wscsvc - ok
00:51:45.0084 7516 WSearch - ok
00:51:45.0182 7516 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
00:51:45.0290 7516 wuauserv - ok
00:51:45.0330 7516 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:51:45.0334 7516 WUDFRd - ok
00:51:45.0373 7516 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
00:51:45.0375 7516 wudfsvc - ok
00:51:45.0437 7516 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
00:51:45.0442 7516 YahooAUService - ok
00:51:45.0475 7516 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
00:51:45.0503 7516 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
00:51:45.0503 7516 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
00:51:45.0517 7516 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk1\DR1
00:51:45.0530 7516 \Device\Harddisk1\DR1 - ok
00:51:45.0537 7516 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
00:51:45.0543 7516 \Device\Harddisk2\DR2 - ok
00:51:45.0588 7516 Boot (0x1200) (2365e2079616d2aa60968e818a36db93) \Device\Harddisk0\DR0\Partition0
00:51:45.0610 7516 \Device\Harddisk0\DR0\Partition0 - ok
00:51:45.0622 7516 Boot (0x1200) (1d622a29d35fd749c5d5c97afb0b072f) \Device\Harddisk1\DR1\Partition0
00:51:45.0626 7516 \Device\Harddisk1\DR1\Partition0 - ok
00:51:45.0633 7516 Boot (0x1200) (fe873cfd76cce25cf61ec3c4f68e3cb0) \Device\Harddisk2\DR2\Partition0
00:51:45.0639 7516 \Device\Harddisk2\DR2\Partition0 - ok
00:51:45.0639 7516 ============================================================
00:51:45.0639 7516 Scan finished
00:51:45.0639 7516 ============================================================
00:51:45.0657 7436 Detected object count: 1
00:51:45.0657 7436 Actual detected object count: 1
00:52:10.0526 7436 \Device\Harddisk0\DR0\# - copied to quarantine
00:52:10.0527 7436 \Device\Harddisk0\DR0 - copied to quarantine
00:52:10.0573 7436 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
00:52:10.0574 7436 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
00:52:10.0576 7436 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
00:52:10.0578 7436 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
00:52:10.0580 7436 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
00:52:10.0595 7436 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
00:52:10.0603 7436 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
00:52:10.0612 7436 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
00:52:10.0614 7436 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
00:52:10.0615 7436 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
00:52:10.0662 7436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
00:52:10.0663 7436 \Device\Harddisk0\DR0 - ok
00:52:16.0210 7436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
02:22:08.0887 5076 Deinitialize success

It had to reboot.

#5 TPoole
  • Topic Starter
  • Members
  • 6 posts

Posted 25 March 2012 - 02:48 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 02:33:14
-----------------------------
02:33:14.701 OS Version: Windows x64 6.0.6002 Service Pack 2
02:33:14.701 Number of processors: 2 586 0x6B02
02:33:14.702 ComputerName: TEH-UBER-SAUCE UserName: Trae
02:33:16.018 Initialize success
02:33:38.090 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:33:38.096 Disk 0 Vendor: ST3160815AS 3.AAD Size: 152627MB BusType: 3
02:33:38.111 Disk 0 MBR read successfully
02:33:38.116 Disk 0 MBR scan
02:33:38.122 Disk 0 Windows 7 default MBR code
02:33:38.132 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152624 MB offset 2048
02:33:38.158 Disk 0 scanning C:\Windows\system32\drivers
02:33:45.356 Service scanning
02:34:18.133 Modules scanning
02:34:18.135 Disk 0 trace - called modules:
02:34:18.154 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
02:34:18.155 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b12790]
02:34:18.156 3 CLASSPNP.SYS[fffffa6000fd2c33] -> nt!IofCallDriver -> [0xfffffa80049d7520]
02:34:18.156 5 acpi.sys[fffffa60008f9fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049cd940]
02:34:18.158 Scan finished successfully
02:35:23.819 Disk 0 MBR has been saved successfully to "C:\Users\Trae\Desktop\MBR.dat"
02:35:23.830 The log file has been saved successfully to "C:\Users\Trae\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 03:07:56
-----------------------------
03:07:56.528 OS Version: Windows x64 6.0.6002 Service Pack 2
03:07:56.528 Number of processors: 2 586 0x6B02
03:07:56.530 ComputerName: TEH-UBER-SAUCE UserName: Trae
03:07:57.234 Initialze error C000010E - driver not loaded
03:07:57.491 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
03:08:51.804 AVAST engine defs: 12032401
03:09:22.929 Service scanning
03:09:53.241 Modules scanning
03:09:53.241 Disk 0 trace - called modules:
03:09:53.242
03:09:54.038 AVAST engine scan C:\Windows
03:09:57.172 AVAST engine scan C:\Windows\system32
03:14:53.616 AVAST engine scan C:\Windows\system32\drivers
03:15:15.863 AVAST engine scan C:\Users\Trae
03:24:27.721 AVAST engine scan C:\ProgramData
03:43:53.993 Scan finished successfully
03:47:05.751 The log file has been saved successfully to "C:\Users\Trae\Desktop\aswMBR.txt"
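
The two scan logs above both read sector 0 of Harddisk0 but report it differently. As an added example (not part of the thread and not code from TDSSKiller or aswMBR), the script below parses a 512-byte MBR the way those lines do: the MD5 over the first 0x1B8 bytes, which is what TDSSKiller's `MBR (0x1B8)` line hashes, and one decoded partition-table entry per aswMBR `Partition` line. The sample MBR is constructed, with a single bootable NTFS partition laid out like the one in the aswMBR log; the placeholder boot code, the disk signature and the disk size passed to `unpartitioned_tail` are assumptions for the example, and the note that TDL4-family bootkits keep their hidden file system in unpartitioned space is general knowledge about that family, not something the logs show.

```python
"""Parse a 512-byte MBR the way the TDSSKiller and aswMBR logs report it.

TDSSKiller's "MBR (0x1B8) (<md5>)" line is the MD5 of the first 0x1B8 = 440
bytes of the sector (the boot code alone, disk signature and partition table
excluded); aswMBR's "Partition 1 80 (A) 07 HPFS/NTFS ..." line is one decoded
partition-table entry.  Added example; the sample MBR is constructed.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
BOOT_CODE_LEN = 0x1B8            # bytes hashed by TDSSKiller
DISK_SIG_OFF = 0x1B8             # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE           # four 16-byte entries
PART_ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = b"\x55\xAA"

TYPE_NAMES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x83: "Linux", 0xEE: "GPT protective"}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    def describe(self) -> str:
        """Same shape as the aswMBR partition line."""
        flag = "80 (A)" if self.bootable else "00"
        name = TYPE_NAMES.get(self.type_id, "unknown")
        return (f"Partition {self.index} {flag} {self.type_id:02X} {name} "
                f"{self.size_mb} MB offset {self.start_lba}")


@dataclass
class Mbr:
    boot_code_md5: str
    disk_signature: int
    partitions: List[Partition]


def parse_mbr(sector: bytes) -> Mbr:
    if len(sector) != SECTOR:
        raise ValueError("need exactly one 512-byte sector")
    if sector[-2:] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    md5 = hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFF)
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + i * 16)
        if ptype != 0:                           # type 0x00 marks an unused slot
            parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return Mbr(md5, disk_sig, parts)


def unpartitioned_tail(mbr: Mbr, disk_sectors: int) -> int:
    """Sectors past the end of the last partition.  TDL4-family bootkits keep
    their hidden file system (the TDLFS in the TDSSKiller log) in unallocated
    space, so a non-trivial tail is worth imaging before a cure rewrites it."""
    end = max((p.start_lba + p.sectors for p in mbr.partitions), default=0)
    return max(disk_sectors - end, 0)


def build_sample_mbr() -> bytes:
    """Constructed: placeholder boot code, assumed disk signature, one bootable
    NTFS partition at LBA 2048 sized like the aswMBR log's (152624 MB)."""
    boot_code = b"\xEB\xFE" + b"\x90" * (BOOT_CODE_LEN - 2)   # jmp $ ; nop padding
    entry = struct.pack(PART_ENTRY_FMT, 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        2048, 152624 * 2048)
    table = entry + b"\x00" * (16 * 3)
    return boot_code + struct.pack("<I", 0x12345678) + b"\x00\x00" + table + BOOT_SIG


def read_device_mbr(path: str) -> bytes:
    r"""Read sector 0 of a raw device such as \\.\PhysicalDrive0 (needs admin)."""
    with open(path, "rb", buffering=0) as dev:   # unbuffered: raw devices want whole sectors
        return dev.read(SECTOR)


if __name__ == "__main__":
    import sys
    raw = read_device_mbr(sys.argv[1]) if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(raw)
    print(f"MBR (0x1B8) ({info.boot_code_md5})  disk signature {info.disk_signature:08X}")
    for p in info.partitions:
        print(p.describe())
```

Run it with no argument to parse the constructed sample, or with `\\.\PhysicalDrive0` from an elevated prompt to parse the live disk. The hash covers only the boot code, so a value that changes between two runs (for instance before and after TDSSKiller's `Cure`) means the code executed before Windows loads has been rewritten, which is how the Pihar detection above shows up; an unchanged partition table says nothing either way.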

#6 TPoole
  • Topic Starter
  • Members
  • 6 posts

Posted 25 March 2012 - 03:13 AM

Malwarebytes reported no infected files. I'm going to reboot and rescan, however. Upon a reboot, both Malwarebytes and AVG report no infected files. Thanks a lot boopme, I really appreciate your help.

Edited by TPoole, 25 March 2012 - 04:11 AM.


#7 boopme
  • Global Moderator
  • 73,573 posts

Posted 25 March 2012 - 01:26 PM

You're welcome. I'd suspect you picked this up off a torrent download.
00:51:45.0657 7436 Detected object count: 1
00:51:45.0657 7436 Actual detected object count: 1
00:52:10.0526 7436 \Device\Harddisk0\DR0\# - copied to quarantine
00:52:10.0527 7436 \Device\Harddisk0\DR0 - copied to quarantine
00:52:10.0573 7436 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
00:52:10.0574 7436 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
00:52:10.0576 7436 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
00:52:10.0578 7436 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
00:52:10.0580 7436 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
00:52:10.0595 7436 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
00:52:10.0603 7436 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
00:52:10.0612 7436 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
00:52:10.0614 7436 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
00:52:10.0615 7436 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
00:52:10.0662 7436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
00:52:10.0663 7436 \Device\Harddisk0\DR0 - ok
00:52:16.0210 7436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
02:22:08.0887 5076 Deinitialize success


You need to change the passwords on here.


To be sure we did not miss anything, I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.

Edited by boopme, 27 March 2012 - 02:12 PM.


#8 TPoole
  • Topic Starter
  • Members
  • 6 posts

Posted 27 March 2012 - 09:50 AM

Sorry for the delayed reply.

C:\Program Files (x86)\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application cleaned by deleting - quarantined
C:\Users\Trae\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\375e065f-5ef59b2b a variant of Java/Agent.BR trojan deleted - quarantined

#9 boopme
  • Global Moderator
  • 73,573 posts

Posted 27 March 2012 - 02:16 PM

Hello again. Cheat Engine may not be malware, but it is seen as such. If you use it you may need to reinstall it.
http://www.cheatengine.org/downloads.php


Other than that it's looking good. If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:



